Operations Cost

Cloud deployment of Windows applications, like XProtect VMS, is different from on-premises deployment especially concerning how the IT operation is orchestrated and structured. Cloud not only enables significant opportunities for outsourcing and optimization of the IT operations, but it changes the way that compute and storage infrastructure is acquired; from upfront purchase of static hardware, to a flexible pay-per-use purchase of hardware as a service.

As the list of parameters that impacts the operational cost is long, and it varies from enterprise to enterprise depending on nature of business, industry, and geographical location, it is difficult make an exact calculation of the operational costs. This section will therefore only discuss the direct operational costs associated with a deployment of XProtect on AWS.

The following subsections discuss the cost of AWS services when used with XProtect VMS.

Price calculator

To simplify the price calculation of running XProtect on AWS, Milestone provides a price calculator. The XProtect on AWS calculator is available on Milestone Documentation portal. Please note that this calculator is intended to provide an indicative price only. As it is based on a set of service execution assumptions, the final cost can only be determined by the final deployment and the contractual agreements with AWS.

Figure 12. The XProtect BYOL price calculator makes it easy to calculate the AWS service costs for running XProtect on AWS

AWS EC2 instances

The instance type required for a specific XProtect VMS deployment will depend on a wide range of parameters, including number of cameras in the system, stream properties such as resolution and framerate and the use of server-side motion detection. Please note the significant savings that can be obtained by using RI saving plans (see: General AWS pricing logic).

Appendix C – EC2 performance discusses the details around the selection of the EC2 instance.

AWS EBS storage

XProtect defines two EBS general purpose SSD (gp2) storage for:

  • Windows OS system and XProtect VMS configuration data

  • VMS media database repository

The EBS storage used for the Windows OS and the XProtect VMS configuration data is defined as 100 GB as default.

The EBS volume defined for the media database shall, as discussed in Appendix D – Media storage dimensioning, be defined to accommodate roughly 24 hours of recordings, where the actual size will depend on degree of recording and video stream properties such as resolution, framerate and image complexity. One should aim to optimize the allocation of the EBS storage, as it is relatively costly compared to the far more cost efficient FSx storage used for archiving databases. Another more cost efficient scenario is also available using S3 storage, but that requires Surveillance Bridge software from Tiger Surveillance. See Appendix F – Surveillance Bridge from Tiger Surveillance.

AWS FSx storage

The Amazon FSx for Windows File Server is used for long-term video storage, where the primary cost drivers are dependent on how much data is to be retained and for how long, as discussed in Appendix D – Media storage dimensioning. The Amazon FSx for Windows File Server is a flexibly priced storage service, where customers only pay for the resources they use. Whereas the native FSx service have several pricing parameters, only a reduced set are relevant when used together with XProtect:

  • Storage capacity


The average amount of storage provisioned in the file systems per month, measured in gigabyte-months "GB-Months".

  • Throughput capacity


The price of throughput capacity depends on the deployment type (single-AZ or multi-AZ) that is selected. The charge covers the average throughput capacity provisioned for the file systems per month, measured in “MBps-months”. For multi-AZ file systems, the cost to transfer data between Availability Zones for replication of data is included in the throughput capacity price.

AWS offers two different storage types: SSD or HDD. With reference to Appendix D – Media storage dimensioning, Milestone recommends HDD.

FSx is available in two different deployment modes:

  • Single-AZ


Redundancy on disk level

  • Multi-AZ


Redundancy on data center (AZ) level, where media archives are replicated across two different data centers.

AWS FSx further operates with a data backup offering and a Data Deduplication capability, which reduces costs associated with redundant data by storing duplicated portions of your files only once. Due to the nature of video data, neither of these two services are relevant for XProtect video archives.

AWS S3 storage

Another storage type offered by AWS is S3. S3 is an object storage while XProtect stores the videos in a file system structure. Therefore a software is needed in order to enable using S3 for video storage. Milestone provides the option to install Surveillance Bridge of Tiger Surveillance in the CloudFormation template.

The CloudFormation template installs the Surveillance Bridge pluginfrom Tiger Surveillance automatically along the other XProtect components during the initialization process. See Appendix F – Surveillance Bridge from Tiger Surveillance.

S3 storage pricing has now been changing recently with a decreasing trend and is yet another viable option for video storage.

AWS Site-to-Site VPN

The requirements on cloud connectivity varies significantly from organization to organization, and AWS offers several different networking services to meet these diverse needs. This white paper only discusses the basic AWS Site-to-Site VPN service. The Site-to-Site VPN service has a simple pricing logic of cost per VPN connection hour. The only data throughput charges that applies to Site-to-Site VPN service are the general VPC data egress charges accounted for in next section.

VPC data egress

Although AWS provides VPC without cost, there is a cost associated with data transfer out from the VPC, often referred to as data egress. XProtect VMS generates data egress when users access the XProtect system through the different XProtect clients (as discussed in section: User Access).

The amount of data egress is highly dependent on user behavior patterns, where the following aspects are the primary parameters in estimating the amount of egress data:

  • Number of users

  • Which XProtect clients is used

  • Frequency and duration of use

  • Amount of video streams viewed

  • Use of XProtect network bandwidth optimization features

Figure 13 illustrates the complexity in estimating the data egress costs, and the importance of optimizing these costs. The graph presents the yearly cost for one user accessing the XProtect VMS system through different methods at different usage patterns both in terms of average usage time per day (the x-axis) and how many camera streams that are viewed (4 and 36 cameras respectively). The three user access methods illustrated in the graph are:

  • XProtect Smart Client with Full HD (H.264 at 1080p) streams at 30 frames per second, corresponding to 4 Mbit/s per viewed stream.

  • XProtect Smart Client with adaptive Streaming, where alternative streams with lower resolution have been selected. When viewing 4 streams, 720p streams have been selected, and when viewing 36 cameras, 240p streams have been selected.

  • AppStream 2.0 with XProtect Smart Client hosted on a g4dn.xlarge EC2 instance type.

Figure 13. Accumulated yearly user access cost for different user access methods at different levels of average daily usage. The cost includes VPC data egress costs US East (N. Virginia) and workstation hardware costs, and presented for 4 and 32 H.264 streams at original stream size of 4 Mbit/s

1

The graph shows that the yearly cost is a linear function of how many hours a user accesses the system. While the cost grows dramatically when using non adaptive stream access, the adaptive streaming feature keeps the data egress cost at a reasonable level, even when the usage is extensive measured both in number of access hours a day, and number of viewed cameras. Amazon AppStream 2.0 is a viable alternative.

Amazon AppStream 2.0

With reference to the sectionVPC data egress and Figure 13, running the Smart Client as a hosted client application in AppStream 2.0 can be a viable and attractive alternative to running the full client on the end customer premises. Especially in deployments with infrequent occasional usage patterns where the average access time per user is less than 3 hours a day.

AppStream 2.0 is priced though three principal parameters:

  • Number of enabled unique users

  • Duration of usage

  • Used EC2 instance type in the AppStream Fleet

While the use of AppStream imposes additional AWS service costs, there is no data egress costs for the data transmitted as a part of the AppStream client streaming session. In addition to this, AppStream has the potential to unlock additional savings on workstation hardware and reduced desktop IT administration effort.

AWS service optimization

Dimensioning server and storage infrastructure for a video surveillance installation is complex, involving numerous assumptions around degree of recording, image complexity, user access patterns, just to mention a few. With the many assumptions that need to be made, there is an evident risk for errors resulting in system overprovisioning. In a physical deployment surplus hardware is sunk cost, but in a cloud deployment there are unlimited opportunities for post deployment optimization, and thus cost reductions.

It is therefore important to emphasize that even though the dimensioning of an AWS deployed XProtect system needs to follow the same principal design steps as a traditional on-premises system, the consequences of an error in the assumptions or in the actual design calculations are far for as fatal and in the physical deployment. When deploying a XProtect system on AWS, there are wide range of opportunities optimize and finetune the design when the system is in production, as a part of a post deployment optimization.

Additional costs

In addition to the AWS service charges one should add the Internet access service provided by the regional Internet Service Provider or network carrier, and the on-premises router equipment needed. The internet access costs are difficult to estimate, as there are major regional differences in availability, up-link speed, and pricing.

General AWS pricing logic

Readers who are not familiar with AWS general pricing policies are advised to study these on AWS website https://aws.amazon.com/pricing/. AWS also provides a full set of price calculators for their service range: https://calculator.aws/#/.

There are however some of the fundamental AWS pricing concepts that can be relevant to point out when using AWS as infrastructure platform for XProtect:

  • Region used


Prices on AWS services vary between Regions, dependent on availability and other factors. Although the differences are not significant, one should make sure to apply the specific Region in which the XProtect BYOL CloudFormation is to be deployed.

  • Service pricing logic


Each of the AWS services that are relevant for the XProtect deployment have their own pricing logic and pricing parameters. All though, most services are priced on a specific time unit (per hour or per month), some services are priced on additional parameters such as throughput, number of connections etc. System integrators and end-customers are recommended to study the pricing mechanisms for the relevant services used by XProtect.

  • Saving plans


AWS offers a wide range of saving plans for its different services. The most relevant for deployments of XProtect on AWS is the Reserved Instance (RI) plan for the EC2 instance used for the XProtect deployment. As video surveillance installations in most cases are intended for long-term continuous usage considerable savings can be obtained by making either a one or a three-year reservation of the EC2 instance. AWS offers different RI Classes, where the Standard provides enough flexibility to shift EC2 instance, when and as the installation grows or is optimized.